Android phones at risk: PromptSpy malware exploits AI
Generative AI helps the malware adapt to different screens and resist removal
Security researchers have discovered a new Android malware operation, PromptSpy, that uses Google's Gemini model to keep itself running on infected devices. ESET first observed the malware in February 2026. Because it adapts to different Android versions and device layouts, it is harder for users to remove than malware that depends on a fixed screen layout.
The malware primarily targets users in Argentina, distributing the malicious software through phishing websites that impersonate banks.
How does PromptSpy use AI?
PromptSpy sends the contents of the device's current screen to Gemini, which analyses the layout and returns step-by-step tap and swipe instructions; the malware follows them to keep itself pinned in the Recent Apps list. “Leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, greatly expanding the pool of potential victims,” the ESET report says.
Instead of relying on hard-coded screen coordinates, the malware sends the model an XML dump of the current screen and receives JSON instructions describing which element to tap or swipe. Since the model picks targets by what is on screen rather than by position, the same instructions work across different screen sizes and system versions.
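To make that screen-dump-to-action loop concrete, the Python below is an added example, not code from ESET's report or from PromptSpy itself. It parses a uiautomator-style XML screen dump (the standard Android format, with `bounds="[x1,y1][x2,y2]"` on each node) and resolves a JSON instruction to concrete tap or swipe coordinates. The JSON schema, the two constructed screen dumps, and the selector fields are assumptions made for illustration; the real model prompt and C2 protocol are not reproduced, and the model's reply is stood in for by a constructed JSON object so the example runs offline.

```python
"""Resolve model-style JSON instructions against an Android XML screen dump.

Added example: the JSON schema ({"action": ..., "target": {...}}) and both
screen dumps are constructed for illustration, not taken from the malware.
"""
import re
import xml.etree.ElementTree as ET

# Constructed phone dump (1080x2340): a package-installer dialog offering to remove an app.
PHONE_DUMP = """<hierarchy rotation="0">
  <node index="0" text="" resource-id="" class="android.widget.FrameLayout" bounds="[0,0][1080,2340]">
    <node index="0" text="Do you want to uninstall this app?" resource-id="android:id/message" class="android.widget.TextView" bounds="[84,980][996,1080]"/>
    <node index="1" text="CANCEL" resource-id="android:id/button2" class="android.widget.Button" clickable="true" bounds="[560,1120][760,1220]"/>
    <node index="2" text="OK" resource-id="android:id/button1" class="android.widget.Button" clickable="true" bounds="[780,1120][980,1220]"/>
  </node>
</hierarchy>"""

# Constructed tablet dump (2560x1600, Spanish locale): same dialog, different geometry and labels.
TABLET_DUMP = """<hierarchy rotation="1">
  <node index="0" text="" resource-id="" class="android.widget.FrameLayout" bounds="[0,0][2560,1600]">
    <node index="0" text="¿Quieres desinstalar esta aplicación?" resource-id="android:id/message" class="android.widget.TextView" bounds="[800,500][1760,600]"/>
    <node index="1" text="CANCELAR" resource-id="android:id/button2" class="android.widget.Button" clickable="true" bounds="[1200,700][1500,800]"/>
    <node index="2" text="ACEPTAR" resource-id="android:id/button1" class="android.widget.Button" clickable="true" bounds="[1520,700][1820,800]"/>
  </node>
</hierarchy>"""

# Constructed stand-in for the model's reply: target the element by resource id, not by position.
INSTRUCTION = {"action": "tap", "target": {"resource_id": "android:id/button2"}}

BOUNDS_RE = re.compile(r"\[(\d+),(\d+)\]\[(\d+),(\d+)\]")


def parse_dump(xml_text):
    """Flatten a uiautomator-style dump into node dicts with integer bounds (document order)."""
    nodes = []
    for el in ET.fromstring(xml_text).iter("node"):
        m = BOUNDS_RE.fullmatch(el.get("bounds", ""))
        if not m:
            continue
        nodes.append({
            "resource_id": el.get("resource-id", ""),
            "text": el.get("text", ""),
            "clickable": el.get("clickable") == "true",
            "bounds": tuple(int(v) for v in m.groups()),
        })
    return nodes


def find_node(nodes, selector):
    """Return the first node whose attributes match every key in the selector, else None."""
    for node in nodes:
        if all(node.get(key) == value for key, value in selector.items()):
            return node
    return None


def center(bounds):
    x1, y1, x2, y2 = bounds
    return ((x1 + x2) // 2, (y1 + y2) // 2)


def resolve_instruction(instruction, nodes):
    """Turn an assumed-schema instruction into a gesture with concrete coordinates.

    Returns None when the referenced element is not on this screen, which is the
    signal to take a fresh dump and ask again rather than tap blindly.
    """
    action = instruction.get("action")
    if action == "none":
        return {"gesture": "none"}
    target = find_node(nodes, instruction.get("target", {}))
    if target is None:
        return None
    x, y = center(target["bounds"])
    if action == "tap":
        return {"gesture": "tap", "xy": (x, y)}
    if action == "swipe":
        # The first node with bounds is the root window; its bounds give the screen size.
        _, _, width, height = nodes[0]["bounds"]
        dx, dy = {"up": (0, -height // 3), "down": (0, height // 3),
                  "left": (-width // 3, 0), "right": (width // 3, 0)}[instruction["direction"]]
        return {"gesture": "swipe", "from": (x, y), "to": (x + dx, y + dy)}
    raise ValueError(f"unknown action {action!r}")


def demo():
    """Same instruction, two very different screens: coordinates differ, the target does not."""
    return {name: resolve_instruction(INSTRUCTION, parse_dump(dump))
            for name, dump in (("phone", PHONE_DUMP), ("tablet", TABLET_DUMP))}


if __name__ == "__main__":
    for name, gesture in demo().items():
        print(name, gesture)
```

The point of the two dumps is the one ESET makes: a single instruction that names a resource id resolves to (660, 1170) on the phone and (1350, 750) on the tablet, with no coordinates hard-coded anywhere, and the text labels need not even be in the same language. For a defender, the same parser is useful in reverse: if a sample's network traffic carries outbound XML hierarchies and inbound JSON of this shape, that traffic pattern is the thing to detect.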
The malware also includes a VNC module for full remote control, abuses Android's Accessibility Services to block removal, records lock-screen data and captures video. It communicates with its C2 server over encrypted channels and can place invisible overlays on top of uninstall buttons to prevent deletion.
PromptSpy is delivered by a dropper hosted on dedicated phishing websites rather than through Google Play, and code analysis suggests it originates from a Chinese-speaking environment.
PromptSpy marks a new stage in Android malware: by using generative AI to react in real time to whatever interface it encounters, it becomes more resilient, harder to remove, and more effective against a wider range of devices.
“PromptSpy is an early example of generative AI-powered Android malware, illustrating how quickly attackers misuse AI tools,” ESET concludes. Users are advised to avoid installing apps from suspicious websites and to rely on security solutions such as Google Play Protect, which blocks known variants.
